Identity Manager release note 23.10.3

Release date: 2023-12-04


Options have been added for smart card initialization with Nexus Personal Desktop Client. For more information, see Encodings using Personal Desktop Client middleware in Identity Manager.


Besides writing certificates and keys, the PKCS#11 interfaces also allow arbitrary data objects to be written to the smart card. Smart ID Identity Manager now supports this with different middleware. It is not supported with Nexus Personal Desktop Client.

For more information, see Write data objects to smart cards.


Added support for JCOP4 cards using Idopte middleware for the following use cases: 

  • Find out card type

  • Activate card and set PIN

  • Deactivate card

  • Unblock PIN

  • Change PIN

  • Write EF.ID and EF.FUNCTION to card

  • Write certificates to card

  • Perform certificate requests (PKCS#10)

  • Perform certificate archival and recovery

See Encoding using Idopte middleware in Identity Manager (and sub-pages) for more information. 


The sort order of card applications (encodings) was not deterministic when exporting/importing the configuration. A sort column has now been added. When saving or importing a card template, the correct sort order is persisted and used by Card production. For more information, see Upgrade Smart ID Identity Manager from 23.10.2 to 23.10.3.


The performance of the history signature chain verification has been improved by enabling the verification in multiple threads. A new parameter "commonHistoryService.SignatureVerifyThreads" has been added for this. See List of Identity Manager system properties for more information.


Errors from the HTTP Client task can now be handled with the BPMN error Wrapper. See Error handling service tasks in Identity Manager for more information.


Added support for ECC encodings with CardOS middleware. See Set up elliptic curve cryptography encoding in Identity Manager and section “Supported smart cards and middleware in Identity Manager” in IDM 23.10.3 - Requirements and interoperability for more information.


When exporting search results, translations now also cover meta-fields like status and boolean fields, and dates use the date format of the user's locale.


When using Idopte middleware, it is now possible to have the PIN code of the card entered and checked before certificates are renewed, in addition to identifying with the adminkey.


The HTTP Client Task is now available as a service task in the integrated BPMN editor in Identity Manager Admin.


The D-Trust Certificate Service Manager API was based on SOAP but is now in the process of being replaced by a RESTful API. Smart ID Identity Manager now offers the option to use both, enabling customers to switch from one to the other.

For more information, see Integrate Identity Manager with D-Trust connector.


The attestation key generation tool has been improved to make it easier to use. The documentation has also been updated. See Sign and encrypt engine in Identity Manager.


When pushing a CRL from Certificate Manager to Identity Manager, a response is now sent to Certificate Manager after the full list has been received and the signature verified. The response does not wait for Identity Manager to process the entire list.


The execute search task has been extended to make the full result list available in the process map. See Process - Standard service tasks in Identity Manager for more information.


A new way to validate whether a process can be started has been added. It is now possible to use a script and make the visibility of the process dependent on the value of script variables. See Configure process start validation for more information.


The Service Task Modify Roles automatically has been extended to resolve expressions for the roles to be set. See Set up process in Identity Manager for more information. 

Corrected bugs 

There was an issue with wrong dates when creating .ics files. This has been fixed.


There was an issue where the history cleaning job would not delete all entries as defined. This has been fixed.


The name of the default attestation key has been changed in the respective Messaging Service tasks. 

For more information, see Sign and encrypt engine in Identity Manager.


There was an issue where messages from Scheduled Jobs were logged to idm_rf.log instead of idm_synch.log with the delivered log4j configuration file. This has been fixed.


There was an issue with processing revocation lists when the revocation reason was unspecified: the certificate was set to "inactive" instead of the state specified in the configuration. This has been fixed. See Upgrade Smart ID Identity Manager from 23.10.2 to 23.10.3 if you have specified a state other than "inactive" for the unspecified revocation reason.

